The question has arisen about how to control what goes into the repository, and how to control what permissions people have in terms of publishing modules, approving modules, etc. Is there any way to set the type of authentication, assign permissions and introduce a review process? Or do we need something like ProGet for that?

The gallery doesn't support that kind of functionality. The intent is that you have a Continuous Integration pipeline that handles that. People check in code, the pipeline spins up automated tests, the tests pass, and the pipeline publishes the code. But that gallery in particular is intended as a very simple repo.

Thanks for your reply. I was afraid that might be the case. We intend to have a pipeline for our own stuff, but we figured 3rd party stuff would be added via publish-module by people with those permissions, and possibly with an approval process that allowed early adopters to try out modules that had not yet been approved.

This will probably be OK for us in the short term, though we might need something else eventually. At the moment I am just trying to drive the adoption of package managers over manually copying things around so simple is OK 🙂